Re: Secure Finger Daemon

Sun, 06 Jan 2002 14:50:08 -0800 

my Finger Daemon conclusion...

First, Thanks for all the answers to my question.

Well, so it really seems it's better to avoid using
any finger daemon, security has always priority.

Anyway I thought the finger daemon would be a nice
feature for the .plan files, userinfo and mail info
for the users of my box.

Maybe running fingerd in a chrooted jail as not-root
user would be a secure-like solution, got to think about it.

Thanks again for all the replays,
have a nice time...
 -Ivo

On Sat, 2002-01-05 at 19:09, eim wrote:
> Hello,
> 
> I'm planing to install a secure finger daemon
> on one of the public boxes I admin.
> 
> Well, out there are really many different finger
> daemons and in the Debian stable tree I can find:
> 
>       * efingerd - Another finger daemon for unix 
>                  capable of fine-tuning your output.
>       * xfingerd - BSD-like finger daemon with qmail support.
>       * ffingerd - A secure finger daemon
>       * fingerd - Remote user information server.
>       * cfingerd - Configurable and secure finger daemon
> 
> So I've considered using fingered which should be secure.
> 
> Often I hear and read about exploited finger daemons which
> gave the attacker system access so I'm asking on this list
> help about the F Daemon.
> 
> Which Finger daemon is *really* secure ?
> Shouldn't I install this service at all ?
> Any experiences about compromised systems ?
> 
> Thanks for any help !
> Have a nice time,
>  - Ivo
> 
> -- 
> 
>  »« »« »« »« »« »« »« »« »« »« »« »« »« »« »«
>  Ivo Marino                    [EMAIL PROTECTED]
>  UN*X Developer, running Debian GNU/Linux
>  irc.OpenProjects.net #debian
>  http://eimbox.org
>  »« »« »« »« »« »« »« »« »« »« »« »« »« »« »«
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 
> 
-- 

 »« »« »« »« »« »« »« »« »« »« »« »« »« »« »«
 Ivo Marino                    [EMAIL PROTECTED]
 UN*X Developer, running Debian GNU/Linux
 irc.OpenProjects.net #debian
 http://eimbox.org
 »« »« »« »« »« »« »« »« »« »« »« »« »« »« »«


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to